> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Log and Compliance

> The Audit Log shows security, settings, data, and workflow activity for the active entity. Use it to answer who did what, when it happened, whether the action succeeded, and which resource was affected.

## Who Should Use This Page?

Audit Log is for owners, administrators, and compliance reviewers who need to review
account activity, permission changes, exports, failed actions, configuration changes,
and period-close activity.

* **Admins** use it to investigate access, settings, and workflow questions.
* **Managers** use it to confirm approvals, denials, exports, and failed actions.
* **Finance reviewers** use it during month-end, audit prep, and exception review.
* **Support teams** can ask for the entry ID or entry hash when investigating a specific action.

<Warning>
  **Audit access is sensitive**
  The log can show user names, resource names, action history, session context, and before
  or after change details. Grant audit access only to people who need it for administration,
  security, or compliance work.
</Warning>

## Open the Audit Log

1. Open **Admin**.
2. Choose **Organization**.
3. Select **Audit Log**.
4. Review the activity chart, severity summary, filters, and entry table.

<Frame caption={"Audit Log combines activity volume, severity counts, filter presets, detailed filters, and an activity table in one review surface."}>
  <img src="https://mintcdn.com/arcuserp/5v8ggAMP6rzMRoYX/images/support/screenshots/admin-access/audit-log-overview.png?fit=max&auto=format&n=5v8ggAMP6rzMRoYX&q=85&s=26a040d60deb3e1b606499a1e1337af1" alt="Audit Log page with activity chart, severity tiles, date presets, saved filters, filter controls, and activity table" width="1640" height="980" data-path="images/support/screenshots/admin-access/audit-log-overview.png" />
</Frame>

Admins start in the broader entity activity view. Users without broader audit
authority may start in their own activity view.

## Read the Overview

Start at the top of the page before narrowing the table. The chart and severity tiles
help you spot unusual activity spikes, failures, warnings, or critical events.

* **Activity chart**: shows activity volume over the selected time window.
* **Severity tiles**: summarize info, notice, warning, and critical entries. Click a tile to filter by that severity.
* **Date presets**: switch between this hour, this day, this week, this month, all time, or a custom range.
* **Page count**: shows how many matching entries are available after filters are applied.

<Tip>
  **Start broad, then narrow**
  For investigations, begin with This week and entity activity. Then add the user,
  resource, outcome, or search text once you know what pattern you are chasing.
</Tip>

## Use Filters

Filters help you move from a large activity history to the exact activity you need.
The visible table updates after filter changes.

<Frame caption={"Use filters to isolate activity by scope, severity, outcome, resource, action, user, IP address, session ID, or text search."}>
  <img src="https://mintcdn.com/arcuserp/5v8ggAMP6rzMRoYX/images/support/screenshots/admin-access/audit-log-filters.png?fit=max&auto=format&n=5v8ggAMP6rzMRoYX&q=85&s=aa3867b287734efa7649389d041c50da" alt="Audit Log filters including scope, severity, outcome, resource, action, user, IP address, session ID, and search" width="1640" height="520" data-path="images/support/screenshots/admin-access/audit-log-filters.png" />
</Frame>

* **Scope**: choose all entity activity or only your own activity.
* **Jump to my activity**: quickly filters the log to your own actions.
* **Jump to entity activity**: clears the user jump and returns to broader entity activity.
* **Severity**: isolate info, notice, warning, or critical entries.
* **Outcome**: review successful, failed, or denied actions.
* **Resource**: focus on a type of record or configuration area.
* **Action**: focus on a specific action type, such as create, update, export, approve, or delete.
* **User**: review activity from one user when your role allows user filtering.
* **IP address and Session ID**: investigate activity from a specific device, browser session, or network source.
* **Search**: search actions, users, and resource names.

The user filter is available only when your role can administer audit review and view
users. If the user picker is missing, use search, scope, resource, action, or session
filters instead.

## Save Filter Presets

Save filter presets for recurring review jobs. For example, create a preset for failed
actions this week, permission changes, data exports, or critical settings activity.

1. Set the date range and filters you want to reuse.
2. Select **Save current filters**.
3. Name the preset clearly.
4. Use the saved preset chip the next time you need that view.
5. Delete stale presets when they no longer match your review process.

<Note>
  **Presets are a reviewer convenience**
  A saved preset helps you reopen the same filter view. It does not change audit retention,
  record visibility, permissions, or the underlying activity history.
</Note>

Presets are saved for your browser and the active entity. Recreate them if you switch
browsers or use another workstation.

## Open an Audit Entry

Click a table row to open the entry drawer. The drawer is the best place to review a
single event because it shows context beyond the table columns.

<Frame caption={"The entry drawer provides the detailed context reviewers need for one activity event."}>
  <img src="https://mintcdn.com/arcuserp/5v8ggAMP6rzMRoYX/images/support/screenshots/admin-access/audit-log-entry-drawer.png?fit=max&auto=format&n=5v8ggAMP6rzMRoYX&q=85&s=f1a9fd7752b46c095d8bd57cbf5cbebc" alt="Audit entry drawer showing severity, outcome, time, description, user, resource, change details, metadata, session context, and chain values" width="680" height="720" data-path="images/support/screenshots/admin-access/audit-log-entry-drawer.png" />
</Frame>

* **Header chips**: show severity, outcome, and event time.
* **Description**: summarizes what happened in plain language when available.
* **User**: shows the person or system actor associated with the event.
* **Resource**: shows the area or record affected by the action.
* **Changes**: shows before and after values when the event has change details.
* **Metadata**: shows extra event context when available.
* **Session**: shows IP, session ID, and browser context when available.
* **Chain**: shows integrity values used to verify that activity history remains consistent.

<Tip>
  **Use Copy ID for support escalations**
  When asking for help with one specific audit event, copy the entry ID from the drawer.
  Copy the entry hash when the question is about integrity or tamper review.
</Tip>

## Share a Deep Link

When you open an audit entry, the browser URL updates to that entry. Copy that URL when
another authorized admin needs to review the same event. The other person must still have
permission to view the Audit Log.

## Export Activity

Use the Export menu when a reviewer needs the current filtered activity outside Arcus.
Exports use the filters currently on the page, so set the date, scope, and other filters
before downloading.

* **Export CSV**: best for spreadsheet review, sorting, and simple audit packages.
* **Export JSON**: best for technical review or structured archival by your internal team.

<Warning>
  **Protect exported audit files**
  Audit exports can contain sensitive operational history. Store exported files only in
  approved locations and delete temporary copies after the review is complete.
</Warning>

## Run Compliance Reports

Compliance reports are focused downloads for common review questions. Set the date range
first, then open the Compliance menu and choose the report type.

<Frame caption={"Compliance reports turn common review questions into focused downloads using the selected date range."}>
  <img src="https://mintcdn.com/arcuserp/5v8ggAMP6rzMRoYX/images/support/screenshots/admin-access/audit-log-compliance-menu.png?fit=max&auto=format&n=5v8ggAMP6rzMRoYX&q=85&s=3e580d78c10ba8b6b50819faeb443861" alt="Audit Log Compliance menu with user access, permission changes, data exports, failed actions, config changes, and period close activity reports" width="560" height="430" data-path="images/support/screenshots/admin-access/audit-log-compliance-menu.png" />
</Frame>

* **User Access Report**: review access-related activity.
* **Permission Changes**: review role, permission, and access-control changes.
* **Data Exports**: review export activity.
* **Failed Actions**: review failed or blocked activity.
* **Config Changes**: review settings and configuration changes.
* **Period Close Activity**: review accounting close actions.

## Verify Integrity

Verify Integrity checks whether the recorded activity chain and archived audit records
are still consistent. This is a compliance review tool, not a filter.

1. Select **Verify Integrity**.
2. Wait for the verification to finish.
3. Review the result modal.
4. If the result is not valid, stop relying on exports from that period until an owner or Arcus support reviews it.

<Note>
  **Verification can take longer on busy entities**
  The check may review current activity and archived audit history. Run it when you need a
  compliance confirmation, not after every routine filter change.
</Note>

After a successful verification, Arcus can show a last-verified badge. Open the badge
when you need to revisit the most recent verification result without immediately running
the check again.

## Common Investigations

* **Who changed a setting?** Filter by config actions, date range, and search terms from the setting name.
* **Why was a user blocked?** Filter by user, failed or denied outcome, and the time window of the report.
* **Who exported data?** Use the Data Exports compliance report or filter by export actions.
* **Who changed permissions?** Use the Permission Changes compliance report and compare it to User Management.
* **What happened during close?** Use Period Close Activity and review entries around the close request or approval time.
* **Which activity came from one device?** Filter by IP address or session ID when that context is available.

## Common Blocks

* **You cannot open Audit Log**: your role may not include audit access. Ask an owner or admin to review your role.
* **No entries appear**: broaden the date range, clear user filters, clear search text, and return to entity activity.
* **User filter is missing**: your role may not allow viewing or filtering users.
* **Export has fewer rows than expected**: the export follows the current filters and date range.
* **Entry drawer is empty after a shared link**: the entry may be outside the current result set, archived differently, or not visible to your role.
* **Integrity check fails**: preserve the result, avoid overwriting evidence, and escalate to an owner or Arcus support.

## Related Articles

<CardGroup cols={2}>
  <Card title="User Management" href="/support/settings/users">
    Invite users, manage entity access, roles, permissions, location restrictions, PINs, and MFA reset workflows.
  </Card>

  <Card title="Profile and Security" href="/support/settings/profile-security">
    Manage profile details, PIN lock, MFA, security keys, and recovery options.
  </Card>

  <Card title="Settings Overview" href="/support/settings/overview">
    Understand the admin surfaces, settings groups, and workflow impact areas.
  </Card>

  <Card title="Documents and Email" href="/support/settings/documents-email">
    Configure PDF terms, document numbering, sender identity, notification toggles, templates, and quote expiration.
  </Card>

  <Card title="Pay Bills and Print Checks" href="/support/accounting/pay-bills">
    Pay open vendor bills by check, ACH, ACH file, wire, or cash.
  </Card>
</CardGroup>
